Skip to main content
Skip table of contents

SQL Server Trace File Converter (TFC) User Guide

TFC v.2.0.0

SQL Server trace files store C2 audit log data and user-defined audit logs in a Microsoft proprietary binary format. SQL Server Trace File Converter (TFC) is a LogRhythm service that can convert trace files into UTF-8 encoded text files. The LogRhythm System Monitor can read the converted files and forward their contents to the Mediator for processing.

SQL Server TFC can convert trace files from the following versions of SQL Server:

  • SQL Server 2005 Developer
  • SQL Server 2005 Enterprise
  • SQL Server 2008 Enterprise

SQL Server 2012 TFC can convert trace files from the following versions of SQL Server:

  • SQL Server 2008 R2
  • SQL Server 2012
  • SQL Server 2014 

You cannot upgrade from one version of TFC to another, and you should not attempt to install different versions of TFC on the same machine.

Prerequisites

  • Any currently supported version of LogRhythm.
  • LogRhythm KB version 6.1.350.1 or later or 7.1.350.1 or later.
  • The user account running the SQL TFC must have read and delete permissions on the trace files created by SQL Server.
  • SQL Server Management Objects (SMO) must be installed on the same system where TFC is running. SMO is part of the SQL Server Client tools SDK. For more information, click here.
  • SQL Server Mgmt Studio (SSMS) must be installed on the same system where TFC is running. For more information, click here.
  • For SQL Server 2012 TFC, Microsoft® System CLR Types for Microsoft® SQL Server® 2012 and Microsoft® SQL Server® 2012 Shared Management Objects must be installed on the same system where TFC is running. CLR Types should be installed first. For more information, click here.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close